+7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. +8. Click **Next**. -14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
+9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: +11. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: - Shared network folder @@ -131,14 +163,6 @@ If your build is successful, the name of the provisioning package, output direct - Removable media (USB/SD) - - Email - - - USB tether (mobile only) - - - NFC (mobile only) - - - ## Apply package 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. @@ -189,242 +213,7 @@ If your build is successful, the name of the provisioning package, output direct - Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922) -OLD CONTENT -For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning. -In this topic, you'll find the following information: - -- [Introduction to provisioning packages](#intro-prov-pkg) -- [What can provisioning packages configure for Microsoft Surface Hubs?](#what-can-prov-pkg) -- [How do I create and deploy a provisioning package?](#how-do-i-prov-pkg) -- [Requirements](#requirements-prov-pkg) -- [Install the Windows Imaging and Configuration Designer](#installing-wicd-prov-pkg) -- [Create a provisioning package for certificates](#creating-prov-pkg-certs) -- [Create a provisioning package for apps](#creating-prov-pkg-apps) -- [Deploy a provisioning package to a Surface Hub](#deploy-to-hub-prov-pkg) - - [Deploy a provisioning package using first run](#deploy-via-oobe-prov-pkg) - - [Deploy a provisioning package using Settings](#deploy-via-settings-prov-pkg) - -### Introduction to provisioning packages - -Provisioning packages are created using Windows Imaging and Configuration Designer (WICD), which is a part of the Windows Assessment and Deployment Kit (ADK). For Surface Hub, the provisioning packages can be placed on a USB drive. - -### What can provisioning packages configure for Surface Hubs? - -Currently, you can use provisioning packages to install certificates and to install Universal App Platform (UAP) apps on your Surface Hub. These are the only two supported scenarios. - -You may use provisioning packages to install certificates that will allow the device to authenticate to Microsoft Exchange or Skype for Business, or to sideload apps that don't come from the Windows Store (for example, your own in-house apps). - ->**Note** Provisioning can only install certificates to the device (local machine) store, and not to the user store. If your organization requires that certificates must be installed to the user store, you must use Mobile Device Management (MDM) to deploy these certificates. See your MDM solution documentation for details. - - - -### How do I create and deploy a provisioning package? - -Provisioning packages must be created using the Windows Imaging and Configuration Designer (ICD). - -### Requirements - -In order to create and deploy provisioning packages, all of the following are required: - -- Access to the Settings app on Surface Hub (using admin credentials which were configured at initial setup of the Surface Hub). -- Windows Imaging and Configuration Designer (ICD), which is installed as a part of the windows 10 Assessment and Deployment Kit (ADK). -- A PC running Windows 10. -- USB flash drive. - -### Install the Windows Imaging and Configuration Designer - -1. The Windows Imaging and Configuration Designer (ICD) is installed as part of the Windows 10 ADK. The installer for the ADK can be downloaded from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718147). - >**Note** The ADK must be installed on a separate PC, not on the Surface Hub. - -2. Run the installer, and set your preferences for installation. When asked what features you want to install, you will see a checklist like the one in the following figure. Note that **Windows Performance Toolkit** and **Windows Assessment Toolkit** should be unchecked, as they are not needed to run the ICD. - - Before going to the next step, make sure you have the following checked: - - - **Deployment Tools** - - **Windows Preinstallation Environment** - - **Imaging and Configuration Designer** - - **User State Migration Tool** - - All four of these features are required to run the ICD and create a package for the Surfact Hub. - -  - -3. Continue with the installer until the ADK is installed. This may take a while, because the installer downloads remote content. - -### Create a provisioning package for certificates - -This example will demonstrate how to create a provisioning package to install a certificate. - -1. On the PC that had the Windows 10 ADK installed, open ICD and choose the **New provisioning package** tile from the main menu. - -  - -2. When the **New project** dialog box opens, type whatever name you like in the **Name** box. The **Location** and **Description** boxes can also be filled at your discretion, though we recommend using the **Description** box to help you distinguish among multiple packages. Click **Next**. - -  - - Select the settings that are **Common to all Windows editions**, and click **Next**. - -  - - When asked to import a provisioning package, just click **Finish.** - -  - -3. ICD's main screen will be displayed. This is where you create the provisioning package. In the **Available customizations** pane, expand **Runtime settings** and then expand **Certificates**. Click **Root certificates**. - -  - - In the center pane, you’ll be asked to specify a **CertificateName** for the Root certificate. You can set this to whatever you want. For the example, we've used the same name as the project. Click **Add**, and an entry will be added in the left pane. - -4. In the **Available customizations** pane on the left, a new category has appeared for **CertificatePath** underneath the **CertificateName** you provided. There’s also a red exclamation icon indicating that there is a required field that needs to be set. Click **CeritficatePath**. - -  - -5. In the center pane, you’ll be asked to specify the path for the certificate. Enter the name of the .cer file that you want to deploy, either by typing or clicking **Browse**. It must be a root certificate. The provisioning package created will copy the .cer file into the package it creates. - -  - -6. Verify that the path is set, then click **Export** in the top menu and choose **Provisioning package**. - -  - -7. You'll see a series of dialog boxes next. In the first one, either accept the defaults, or enter new values as needed, and click **Next**. You'll most likely want to accept the defaults. - -  - - Click **Next** again in the security options dialog box, because this package doesn't need to be encrypted or signed. - -  - - Choose where to save the provisioning package, and click **Next**. - -  - - Review the information shown, and if it looks good, click **Build**. - -  - - You will see a confirmation dialog box similar to the one following. Click the link under **Output location** to open the directory containing the provisioning package. - -  - -8. Copy the .ppkg from the output directory into the root directory of a USB drive. If it’s not at the root, it won’t be recognized by the device. You’ve finished making the provisioning package—now you just need to deploy it to the Surface Hub. - -### Create a provisioning package for apps - -This example will demonstrate how to create a provisioning package to install offline-licensed apps purchased from the Windows Store for Business. For information on offline-licensed apps and what you need to download in order to install them, see [Distribute offline apps](http://go.microsoft.com/fwlink/?LinkId=718148). - -For each app you want to install on Surface Hubs, you'll need to download: - -- App metadata -- App package -- App license - -Depending on the app, you may or may not need to download a new app framework. - -1. On the PC that had the Windows 10 ADK installed, open ICD and choose the **New provisioning package** tile from the main menu. - -  - -2. When the **New project** dialog box opens, type whatever name you like in the **Name** box. The **Location** and **Description** boxes can also be filled at your discretion, though we recommend using the **Description** box to help you distinguish among multiple packages. Click **Next**. - -  - - Select the settings that are **Common to all Windows editions**, and click **Next**. - -  - - When asked to import a provisioning package, just click **Finish.** - -  - -3. ICD's main screen will be displayed. This is where you create the provisioning package. In the **Available customizations** pane, expand **UniversalAppInstall** and click **DeviceContextApp**. - -  - - In the center pane, you’ll be asked to specify a **PackageFamilyName** for the app. This is one of the things you downloaded from the Store for Business. Click **Add**, and an entry will be added in the left pane. - -4. In the **Available customizations** pane on the left, new categories will be displayed for **ApplicationFile** and **LaunchAppAtLogin** underneath the **PackageFamilyName** you just entered. Enter the appx filename in the **ApplicationFile** box in the center pane. - -  - - Generally, **LaunchAppAtLogin** should be set to **Do not launch app** or **NOT CONFIGURED**. - -5. Next, click **DeviceContextAppLicense** in the left pane. In the center pane, you’ll be asked to specify the **LicenseProductId**. Click **Add**. Back in the left pane, click on the **LicenseProductId** that you just added. In the center pane, you'll need to specify **LicenseInstall**. Enter the name of the license file that you previously downloaded from the Store for Business, either by typing or clicking **Browse**. The file will have a extension of "ms-windows-store-license". - -  - -6. Verify that the path is set, then click **Export** in the top menu and choose **Provisioning package**. - -  - -7. You'll see a series of dialog boxes next. In the first one, either accept the defaults, or enter new values as needed, and click **Next**. You'll most likely want to accept the defaults. - -  - - Click **Next** again in the security options dialog box, because this package doesn't need to be encrypted or signed. - -  - - Choose where to save the provisioning package, and click **Next**. - -  - - Review the information shown, and if it looks good, click **Build**. - -  - - You will see a confirmation dialog box similar to the one following. Click the link under **Output location** to open the directory containing the provisioning package. - -  - -8. Copy the .ppkg from the output directory into the root directory of a USB drive. If it’s not at the root, it won’t be recognized by the device. You’ve finished making the provisioning package—now you just need to deploy it to the Surface Hub. - -### Deploy a provisioning package to a Surface Hub - -The following two methods for deploying provisioning packages apply to any kind of provisioning package that is being deployed to a Surface Hub. There is no difference in the way cert provisioning packages and app provisioning packages are installed. You may see different description text in the UI depending on what the package is for, but the process is still the same. - -### Deploy a provisioning package using first run - -1. When you turn on the Surface Hub for the first time, the first run process will display the page titled **Hi there**. Make sure the settings on this page are correct before you proceed. (See [Hi there page](first-run-program-surface-hub.md#first-page) for details.) Once you've deployed your provisioning package, the first run process will not return here. It will continue to the next screen. -2. Insert the USB drive into the Surface Hub. -3. Press the Windows key on the separate keyboard five times. You’ll see a dialog box asking whether you want to set up your device. Click **Set Up**. - - IMage - -4. Click on **Removable Media** in the **Provision From** dropdown list, then click **Next**. - -  - -5. The available packages in the root directory of the USB drive will be listed. Note that you can only install one package during first run. Select the package you want to install and then click **Next**. - -  - -6. You’ll then see a dialog asking if it’s from a source you trust. Click **Yes, add it**. The certificate will be installed, and you’ll be taken to the next page of first run. - -  - -### Deploy a provisioning package using Settings - -1. Insert the USB drive into the Surface Hub you want to deploy to. -2. On the Surface Hub, open **Settings** and enter in the admin credentials. -3. Navigate to **System > Work Access**. Under the header **Related settings**, click on **Add or remove a management package**. -4. Here, click the button for **Add a package**. - -  - -5. Click **Removable media** from the dropdown list. You will see a list of available provisioning packages on the **Settings** page. - -  - -6. Choose your package and click **Add**. - -  - -7. You may have to re-enter the admin credentials if User Access Control (UAC) asks for them. -8. You’ll see a confirmation dialog box. Click **Yes, add it**. The certificate will be installed.